9. Create a Strong Security Culture - Hard Measures
Just as ‘soft’ security measures require clear communication of your organisation’s security culture, ‘hard’ measures require establishing clear procedures to address any failures to adhere to security policy.
This sends out a clear message that your organisation takes security matters seriously and will act as a deterrent to poor security behaviour. You need to know:
- What are your organisation’s procedures for dealing with poor security behaviour?
- Are the procedures for dealing with poor security behaviour clearly communicated to staff?
- How is non-compliance addressed?
CPNI guidance on security culture and other relevant information is available:
- Security culture tool – help on shaping the strategic direction of your security policies
- Guard force motivation – guidance for security managers including how to run a guardforce motivation project
- Ongoing personnel security – includes advice on shaping a strong security culture, the role of policies and procedures, and compliance
There is also a range of campaign toolkits for security managers to use to encourage strong secure behaviours: